I was recently in the Chair for the Socitm London and South Regional Conference, where our main theme was cyber security. It was well attended by local government IT teams and industry suppliers; so cyber clearly matters.

However, most UK Boards will spend less than one to two per cent of agenda time covering the subject, and only when a risk item is mentioned or when it's too late and they have suffered the consequences of a breach or ransomware attack. This is despite the fact that IBM’s 2017 12th annual Cost of Data Breach Study, the industry’s gold-standard benchmark research, independently conducted by the Ponemon Institute, reported that the global average cost of a data breach is $3.62 million.

The Office of National Statistics estimate that there were two million cyber incidents in the past year.

If these numbers were included in our crime figures, the UK’s crime rate would double.

The average British home has eight devices connected to the internet, and over 85% of businesses are online. With the growth of bots and the Internet of Things in the home and office, this provides enormous potential for day-to-day attacks from electronic data theft.

65% of large businesses reported a cyber breach or attack in the past 12 months.

Yet nine out of ten businesses don’t even have an incident management plan in the event of a cyber breach. Business must sharpen its approach as the scale of the threat from cyber increases and intensifies.

These are just a few of the headlines. In spite of the hardening of legislation with GDPR, which came into effect on 25th May, and the widespread publicity last year of the WannaCry Denial of Service attack on many public and private sector organisations, it has to be argued that not enough money and resource is being devoted to IT security. Organisations are only spending 1-13% (Gartner, 2016) of their IT budget on IT security prevention solutions and training. In these days of austerity most public sector organisations will still be in the lower quartile and yet, with the volumes of personal and sensitive data held in the public sector, we are amongst the most attractive targets for sophisticated organised crime and rogue states.

Although we had many knowledgeable speakers at the London and South 2018 SOCITM conference, what stands out are the insights from the keynote speaker – Commissioner Ian Dyson from the City of London Police. Commissioner Dyson leads a force with national responsibilities for action fraud and white-collar crime, which is increasingly cyber-created crime. In addition, he is the national police SIRO and has played a leading role in representing national policing with the transition to GDPR compliance.

Commissioner Dyson spoke about the scale and types of cyber crime in the UK today and what we can do to prevent and resolve these crimes. He gave examples of some of the growth areas, such as fraudulent secondary ticket sites for ticket resales. To illustrate how easy it is to get the public to part with their money, the City of London Police set something up as an education exercise that, within 14 hours, could have taken £75,000 from members of the public who had unwittingly signed up to the dummy site.

He also emphasised the benefits of private and public partnerships, with the need for private sector organisations to share intelligence with the police about attacks or attempted attacks. He outlined how viruses are like an organism, and how making more intelligence available as early as possible enables patches to be developed rapidly to protect the public and organisations from new cyber threats.

As a leader – nationally and internationally – the City of London Police is rolling out cyber education with its Cyber Griffin training. After all, often the most overlooked and greatest threat to the security of an organisation is the carbon-based one – people who, through ignorance, click on that website link that allows an infection to get through the organisation's defences.

We all need to take action now to boost our cyber defences because, as Robert Mueller, the former director of the FBI, once said: “There are two types of company – those who have been hacked and those who will be.”

All the opinions and views expressed in this article are those of the author and are not associated with those of the City of London Corporation or City of London Police.